W3C home > Mailing lists > Public > public-webappsec@w3.org > February 2016

Re: [suborigins] Accessing workers from suborigins

From: Göran AP Eriksson <gaperik@gmail.com>
Date: Wed, 3 Feb 2016 22:53:06 +0100
Message-ID: <CAFAFLMHC7A8tVTf5zjcoL_VPd13udsXnZVuKJYpDwWArMwfZtg@mail.gmail.com>
To: Devdatta Akhawe <dev.akhawe@gmail.com>
Cc: Mitar <mmitar@gmail.com>, "public-webappsec@w3.org" <public-webappsec@w3.org>
Hi Dev,

Just to flag that there are more of us out there thinking as Mitar (fetc
events from suborigins).

Looking forward to the first version we can comment.

regards
Göran

2016-02-03 22:32 GMT+01:00 Devdatta Akhawe <dev.akhawe@gmail.com>:

> Hi Mitar
>
> thanks for your interest!
>
> The simple reality is that the sub-origin spec is not really at a
> stage where you can review it. We are working on figuring things out,
> checking implementation in browser as well as application use cases.
> Both spec and implementation are in serious flux. I suggest holding
> off for now: once the editors feel like it is in a reasonable shape
> for a first review, we will be sharing it on this list.
>
> cheers
> Dev
>
> On 3 February 2016 at 12:14, Mitar <mmitar@gmail.com> wrote:
> > Hi!
> >
> > So, based on the current draft (29 January 2016), web workers should
> > work from suborigins, but currently this is not yet implemented in
> > Chrome (https://code.google.com/p/chromium/issues/detail?id=580320).
> > So this is just not yet implemented? Because I saw some tests which
> > test that you cannot create a web worker at all when suborigin is in
> > effect? Is this just temporary?
> >
> > I would also pitch in against the current text about service workers,
> this part:
> >
> >> As a result of the above restriction on Workers, since a Service Worker
> cannot be created by a Suborigin, no Service Workers will be able to
> intercept the requests of a Suborigin.
> >
> > Please do not prevent this. We currently use service worker to
> > intercept requests from suborigins and then based on a suborigin
> > decide what to do, which resources to serve and how. As currently
> > implemented in Chrome this works well, so no need to remove/prevent
> > it. :-)
> >
> >
> > Mitar
> >
> > --
> > http://mitar.tnode.com/
> > https://twitter.com/mitar_m
> >
>
>
Received on Wednesday, 3 February 2016 21:53:35 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 18:54:54 UTC